Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Using ROPC flow for login

I do not recommend anyone to use this flow in the manner it is used here. This flow has few really valid use cases, and using it to bypass the Microsoft login page is not of them. Please, do not do this.

This sample shows how an app could try to bypass the Azure AD login page and implement its own. The user inputs their credentials and the app logs the user in using the Resource Owner Password Credentials grant flow. It then calls the EmployeeApi on the user's behalf.

It does work for some users, but still is generally bad for security/privacy + it teaches users to fall for phishing.

This login does not work if the user:

  • Has MFA
  • Has an expired password
  • Is a federated account

Do not use the ROPC flow in new apps.


You can’t perform that action at this time.